Doc2Markdown

Security checks across malware telemetry and agentic risk

Overview

This document converter sends user files to a third-party cloud service and may be invoked for broad read or summarize requests without a separate consent step.

Install only if you are comfortable sending documents to lab.hjcloud.com for conversion. Do not use it on confidential, regulated, credential-bearing, or customer documents unless you have independently reviewed the service's privacy and retention practices, and prefer requiring explicit user confirmation before each upload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 97%
Finding:
The skill markets itself as a lightweight, no-external-dependencies document converter, but the documented workflow actually uploads user documents to a third-party cloud service for processing and polling. That mismatch can cause agents or users to treat the tool as local-only and inadvertently exfiltrate sensitive document contents, making the hidden network behavior materially dangerous.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding:
The implementation contradicts the stated 'no external dependencies' and local conversion framing by hard-coding a remote cloud service and sending documents to it for processing. This is dangerous because users and downstream agents may treat the tool as local-only and inadvertently disclose sensitive files to a third party without informed consent or policy review.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding:
The code reads arbitrary local files and transmits their full contents to https://lab.hjcloud.com/llmdoc, which is a direct data exfiltration path. In an agent setting, this is especially risky because the skill's purpose sounds like harmless document conversion, so sensitive internal documents, credentials, contracts, or regulated data could be sent off-host automatically.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The trigger guidance uses broad phrases like reading, viewing, summarizing, or analyzing a document, which could cause an agent to invoke the skill for ordinary document tasks without the user specifically requesting remote conversion. In this skill's context, over-broad invocation is more dangerous because use of the skill uploads the document to an external service, so accidental triggering can become unintended data disclosure.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The skill uploads file contents to an external service without any explicit warning, confirmation step, or privacy notice at the point of use. That omission increases the likelihood of accidental disclosure because users and agents are not clearly told that conversion involves external transmission rather than local processing.

VirusTotal

1/64 vendors flagged this skill as malicious, and 63/64 flagged it as clean.